How to disable the recovery procedure on a router for security reasons


I want to disable the password recovery procedure on a Cisco router (i.e., if I leave a router "alone", the users can't do the recovery procedure with the break character at startup). Is there a rommon configuration or a jumper?

I do not believe that there is any way to do this. The best that you can try is to change the console baud rate in rom-monitor, but this is just obfuscation. The only way that I can see to accomplish this is to fill the console port with epoxy or unsolder the console and aux ports from the board. NB: I strongly recommend against any of the above procedures. If people have physical access to the router, you will always be at risk. If someone has physical access, they can sniff traffic off the Ethernet, install a V.35 / FDDI / whatever splitter and sniff WAN traffic, or they could just walk off with the whole device. Your time and effort would be better served securing access to the space where the device is.

We have started locking all of our gear in secure cabinets. Until recently only about half of our gear was secure, so any kid/person who knew enough to read a few PDFs could have access to our entire network. Lock them down...